Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Invalid key in stanza [webhook] alert_actions.conf splunk forwarder

spisiakmi
Contributor
‎07-17-2023 11:17 PM

Hi, can anybody help, please?

I'm using Splunk Universal Forwarder 9.0.4 (build de405f4a7979) and from 15.07.2023 I have no indexed data in Splunk. .After restart there is only 1 error:

Invalid key in stanza [webhook] in C:\Program Files\SplunkUniversalForwarder\etc\system\default\alert_actions.conf, line 229: enable_allowlist (value: false).
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'

I tried this step:

1. removed 
[webhook]
enable_allowlist = false

or

2. changed it into true

nothing helped. Any advice, please?

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

spisiakmi
Contributor
‎07-21-2023 03:18 AM

The problem has been fixed by splunk admins. Unfortunately I don't know how. Problem appeared when they deleted old indexers from the cluster and the still have been configured on the FW side.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

spisiakmi
Contributor
‎07-21-2023 03:18 AM

The problem has been fixed by splunk admins. Unfortunately I don't know how. Problem appeared when they deleted old indexers from the cluster and the still have been configured on the FW side.

0 Karma
Reply
Solved! Jump to solution

m_pham
Splunk Employee
Splunk Employee
‎07-21-2023 03:05 AM

I doubt that error is causing your data ingest issue, since "enable_allowlist" appears to be an invalid option for the alert_actions.conf file that came with the Splunk UF software. You can safely ignore that error.

It's also a known issue on Splunk UF v9.0.4: https://community.splunk.com/t5/Splunk-Enterprise/Invalid-Key-in-alert-actions-conf-after-upgrade-to...

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...